about summary refs log tree commit diff
path: root/src/libmain
AgeCommit message (Collapse)AuthorFilesLines
2006-12-06 * nix-setuid-helper: allow running programs under a different uid.Eelco Dolstra2-11/+24
2006-12-05 * Allow unprivileged users to run the garbage collector and to doEelco Dolstra1-1/+0
`nix-store --delete'. But unprivileged users are not allowed to ignore liveness. * `nix-store --delete --ignore-liveness': ignore the runtime roots as well.
2006-12-05 * In addPermRoot, check that the root that we just registered can beEelco Dolstra1-1/+1
found by the garbage collector. This addresses NIX-71 and is a particular concern in multi-user stores.
2006-12-04 * Daemon mode (`nix-worker --daemon'). Clients connect to the serverEelco Dolstra1-0/+6
via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection. * readString(): use the heap, not the stack. * Some protocol fixes.
2006-12-04 * Install the worker in bindir, not libexecdir.Eelco Dolstra2-0/+2
* Allow the worker path to be overriden through the NIX_WORKER environment variable.
2006-12-03 * Doh.Eelco Dolstra2-1/+4
2006-12-03 * Don't run setuid root when build-users is empty.Eelco Dolstra1-1/+1
* Send startup errors to the client.
2006-12-03 * Removed `build-allow-root'.Eelco Dolstra2-0/+5
* Added `build-users-group', the group under which builds are to be performed. * Check that /nix/store has 1775 permission and is owner by the build-users-group.
2006-12-03 * Use setreuid if setresuid is not available.Eelco Dolstra1-6/+12
2006-12-02 * Remove most of the old setuid code.Eelco Dolstra1-4/+56
* Much simpler setuid code for the worker in slave mode.
2006-11-30 * Refactoring. There is now an abstract interface class StoreAPIEelco Dolstra1-2/+3
containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-18 * Turn off synchronisation between C and C++ I/O functions. ThisEelco Dolstra1-0/+2
gives a huge speedup in operations that read or write from standard input/output. (So libstdc++'s I/O isn't that bad, you just have to call std::ios::sync_with_stdio(false).) For instance, `nix-store --register-substitutes' went from 1.4 seconds to 0.1 seconds on a certain input. Another victory for Valgrind.
2006-09-27 * Fix setuid builds.Eelco Dolstra1-4/+0
2006-09-04 * Move setuid stuff to libutil.Eelco Dolstra1-133/+0
* Install libexpr header files.
2006-09-04 * Don't need extern "C".Eelco Dolstra1-2/+0
2006-09-04 * Use a proper namespace.Eelco Dolstra2-14/+27
* Optimise header file usage a bit. * Compile the parser as C++.
2006-09-04 * Store the Nix libraries in ${libdir}/nix instead of ${libdir}.Eelco Dolstra1-1/+1
2006-08-29 * Support singleton values and nested lists again in `args', but printEelco Dolstra1-7/+4
a warning.
2006-08-10 * New configuration setting `build-max-jobs' which sets the defaultEelco Dolstra1-0/+7
for the `-j' flag (i.e., the maximum number of jobs to execute in parallel). Useful on multi-processor machines.
2006-07-20 * Use $(libexecdir) to find find-runtime-roots.pl.Eelco Dolstra2-0/+2
2006-07-06 * Allow the canonical system name to be specified at runtime in theEelco Dolstra1-0/+2
Nix config file.
2006-05-12 * Support for srcdir != builddir (NIX-41).Eelco Dolstra1-1/+2
2006-03-10 * Allow `make check' to work in directories that have symlinkEelco Dolstra1-23/+2
components.
2006-03-01 * Close the database before the destructor runs.Eelco Dolstra1-0/+3
2006-01-09 * dirOf: return "/", not "", for paths in the root directory. Fixes NIX-26.Eelco Dolstra1-1/+1
2005-11-04 * Install signal handlers for SIGTERM and SIGHUP. This ensures thatEelco Dolstra1-0/+4
Nix is properly shut down when it receives those signals. In particular this ensures that killing the garbage collector doesn't cause a subsequent database recovery.
2005-10-17 * Beginning of secure multi-user Nix stores. If Nix is started asEelco Dolstra1-0/+5
root (or setuid root), then builds will be performed under one of the users listed in the `build-users' configuration variables. This is to make it impossible to influence build results externally, allowing locally built derivations to be shared safely between users (see ASE-2005 paper). To do: only one builder should be active per build user.
2005-07-22 * Build dynamic libraries.Eelco Dolstra1-2/+2
2005-02-01 * A GC setting `gc-keep-outputs' to specify whether output paths ofEelco Dolstra2-0/+2
derivations should be kept.
2005-02-01 * nix-store, nix-instantiate: added an option `--add-root' toEelco Dolstra2-1/+27
immediately add the result as a permanent GC root. This is the only way to prevent a race with the garbage collector. For instance, the old style ln -s $(nix-store -r $(nix-instantiate foo.nix)) \ /nix/var/nix/gcroots/result has two time windows in which the garbage collector can interfere (by GC'ing the derivation and the output, respectively). On the other hand, nix-store --add-root /nix/var/nix/gcroots/result -r \ $(nix-instantiate --add-root /nix/var/nix/gcroots/drv \ foo.nix) is safe. * nix-build: use `--add-root' to prevent GC races.
2005-01-31 * Automatically remove temporary root files.Eelco Dolstra1-0/+14
2005-01-28 * Use NIX_STORE environment variable to locate the store (in additionEelco Dolstra1-1/+1
to NIX_STORE_DIR) so that Nix invocations in builders in `make check' work correctly if the store doesn't exist.
2005-01-19 * Renamed `normalise.cc' -> `build.cc', `storeexprs.cc' ->Eelco Dolstra1-2/+2
`derivations.cc', etc. * Store the SHA-256 content hash of store paths in the database after they have been built/added. This is so that we can check whether the store has been messed with (a la `rpm --verify'). * When registering path validity, verify that the closure property holds.
2005-01-14 * Start move towards SHA-256 hashes instead of MD5.Eelco Dolstra1-4/+4
* Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2004-10-29 * Drop ATmake / ATMatcher also in handling store expressions.Eelco Dolstra1-0/+6
2004-10-25 * Allow certain operations to succeed even if we don't have writeEelco Dolstra1-0/+2
permission to the Nix store or database. E.g., `nix-env -qa' will work, but `nix-env -qas' won't (the latter needs DB access). The option `--readonly-mode' forces this mode; otherwise, it's only activated when the database cannot be opened.
2004-10-25 * Revert r1594 - it didn't solve the problem. Instead addEelco Dolstra1-1/+1
svn-revision to distributions, which should fix it.
2004-10-25 * Make sure that the prerelease version is included in `--version'.Eelco Dolstra1-1/+1
2004-09-10 * Operation `--delete-generations' to delete generations of aEelco Dolstra1-3/+1
profile. Arguments are either generation number, or `old' to delete all non-current generations. Typical use: $ nix-env --delete-generations old $ nix-collect-garbage * istringstream -> string2Int.
2004-09-09 * A very dirty hack to make setuid installations a bit nicer to use.Eelco Dolstra1-12/+49
Previously there was the problem that all files read by nix-env etc. should be reachable and readable by the Nix user. So for instance building a Nix expression in your home directory meant that the home directory should have at least g+x or o+x permission so that the Nix user could reach the Nix expression. Now we just switch back to the original user just prior to reading sources and the like. The places where this happens are somewhat arbitrary, however. Any scope that has a live SwitchToOriginalUser object in it is executed as the original user. * Back out r1385. setreuid() sets the saved uid to the new real/effective uid, which prevents us from switching back to the original uid. setresuid() doesn't have this problem (although the manpage has a bug: specifying -1 for the saved uid doesn't leave it unchanged; an explicit value must be specified).
2004-09-09 * Use setre[ug]id() instead of setres[ug]id(), since the former isEelco Dolstra1-4/+4
more common than the latter (which exists only on Linux and FreeBSD). We don't really care about dropping the saved IDs since there apparently is no way to quiry them in any case, so it can't influence the build (unlike the effective IDs which are checked by Perl for instance).
2004-09-09 * Set the umask to known value (0022). This is important in aEelco Dolstra1-0/+6
setuid installation, since the calling user may have a more fascist umask (say, 0077), which would cause the store objects built by Nix to be unreadable to anyone other than the Nix user.
2004-08-20 * The gid should also match.Eelco Dolstra1-1/+1
2004-08-20 * Unbreak programs that are not setuid (such as nix-hash).Eelco Dolstra1-0/+3
2004-08-20 * On systems that have the setresuid() and setresgid() system calls toEelco Dolstra1-8/+21
set the real uid and gid to the effective uid and gid, the Nix binaries can be installed as owned by the Nix user and group instead of root, so no root involvement of any kind is necessary. Linux and FreeBSD have these functions.
2004-08-20 * Setuid support for sharing a Nix installation between multipleEelco Dolstra1-0/+82
users. If the configure flag `--enable-setuid' is used, the Nix programs nix-env, nix-store, etc. are installed with the setuid bit turned on so that they are executed as the user and group specified by `--with-nix-user=USER' and `--with-nix-group=GROUP', respectively (with defaults `nix' and `nix'). The setuid programs drop all special privileges if they are executed by a user who is not a member of the Nix group. The setuid feature is a quick hack to enable sharing of a Nix installation between users who trust each other. It is not generally secure, since any user in the Nix group can modify (by building an appropriate derivation) any object in the store, and for instance inject trojans into binaries used by other users. The setuid programs are owned by root, not the Nix user. This is because on Unix normal users cannot change the real uid, only the effective uid. Many programs don't work properly when the real uid differs from the effective uid. For instance, Perl will turn on taint mode. However, the setuid programs drop all root privileges immediately, changing all uids and gids to the Nix user and group.
2004-08-18 * The default verbosity level of all Nix commands is now lvlInfo.Eelco Dolstra1-1/+3
* Builder output is written to standard error by default. * The option `-B' is gone. * The option `-Q' suppresses builder output. The result of this is that most Nix invocations shouldn't need any flags w.r.t. logging.
2004-06-28 * Added a switch `--fallback'. From the manual:Eelco Dolstra1-0/+2
Whenever Nix attempts to realise a derivation for which a closure is already known, but this closure cannot be realised, fall back on normalising the derivation. The most common scenario in which this is useful is when we have registered substitutes in order to perform binary distribution from, say, a network repository. If the repository is down, the realisation of the derivation will fail. When this option is specified, Nix will build the derivation instead. Thus, binary installation falls back on a source installation. This option is not the default since it is generally not desirable for a transient failure in obtaining the substitutes to lead to a full build from source (with the related consumption of resources).
2004-06-25 * A flag `--keep-going / -k' to keep building goals if one fails, asEelco Dolstra1-0/+2
much as possible. (This is similar to GNU Make's `-k' flag.) * Refactoring to implement this: previously we just bombed out when a build failed, but now we have to clean up. In particular this means that goals must be freed quickly --- they shouldn't hang around until the worker exits. So the worker now maintains weak pointers in order not to prevent garbage collection. * Documented the `-k' and `-j' flags.
2004-05-13 * The build hooks used to implement distributed builds can now be runEelco Dolstra1-0/+6
in parallel. Hooks are more efficient: locks on output paths are only acquired when the hook says that it is willing to accept a build job. Hooks now work in two phases. First, they should first tell Nix whether they are willing to accept a job. Nix guarantuees that no two hooks will ever be in the first phase at the same time (this simplifies the implementation of hooks, since they don't have to perform locking (?)). Second, if they accept a job, they are then responsible for building it (on the remote system), and copying the result back. These can be run in parallel with other hooks and locally executed jobs. The implementation is a bit messy right now, though. * The directory `distributed' shows a (hacky) example of a hook that distributes build jobs over a set of machines listed in a configuration file.